Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/LnlBqipa1-4IaKhtb3UUyIjU2i8.roa
File: LnlBqipa1-4IaKhtb3UUyIjU2i8.roa (raw, json)
Hash identifier: 9HA+VVeawvxhiiFaG+kqfV9wo1PwUp+cZz0vfSASxPo=
Subject key identifier: 2E:79:41:AA:2A:5A:D7:EE:08:68:A8:6D:6F:75:14:C8:88:D4:DA:2F
Certificate issuer: /CN=5a376c8008d6abd962341563dd2a4dccaf153cba
Certificate serial: 0632D43A
Authority key identifier: 5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/LnlBqipa1-4IaKhtb3UUyIjU2i8.roa
Signing time: Thu 10 Mar 2022 14:10:36 +0000
ROA not before: Thu 10 Mar 2022 14:10:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 197071
IP address blocks: 31.214.240.0/21 maxlen: 32
95.156.226.0/23 maxlen: 32
95.156.225.0/24 maxlen: 32
109.230.252.0/22 maxlen: 32
95.156.228.0/22 maxlen: 32
95.156.232.0/24 maxlen: 32
185.87.20.0/22 maxlen: 32
109.230.195.0/24 maxlen: 32
46.251.225.0/24 maxlen: 32
46.251.227.0/24 maxlen: 32
109.230.224.0/20 maxlen: 32
31.214.149.0/24 maxlen: 32
134.255.216.0/21 maxlen: 32
134.255.224.0/20 maxlen: 32
134.255.252.0/22 maxlen: 32
193.25.201.0/24 maxlen: 32
2a05:bec0::/29 maxlen: 128
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 103994426 (0x632d43a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5a376c8008d6abd962341563dd2a4dccaf153cba
Validity
Not Before: Mar 10 14:10:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2e7941aa2a5ad7ee0868a86d6f7514c888d4da2f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:05:7d:27:9c:1a:19:99:c6:42:dc:e3:64:81:
24:87:fa:e1:6c:b5:73:a3:d5:10:19:5c:8c:7d:e8:
cd:0b:01:94:4a:7b:ec:eb:d6:c4:3d:57:16:01:b8:
0d:b1:a4:3f:26:5e:b8:d1:24:33:b6:c9:bd:07:c5:
b2:83:e4:03:24:a4:8e:21:31:a2:b2:5a:d7:70:8a:
6a:ca:6e:5a:24:9c:83:d5:57:18:7f:ea:48:55:ef:
d7:de:85:ba:f3:a7:26:3f:d3:8a:e6:0a:67:71:28:
3b:a0:0a:96:4b:31:52:73:0b:3e:c7:5e:61:67:3c:
ff:f0:f1:73:a7:9c:74:cf:31:3e:b1:7b:0b:05:26:
39:78:7c:e4:ed:18:09:eb:4e:75:2c:9b:b5:6e:c5:
71:4a:d5:92:cb:95:00:f7:0f:ce:58:6c:36:39:79:
6a:31:e6:9a:a7:a8:63:cf:77:0d:ee:fb:5b:26:b3:
75:d8:e5:bd:4e:0f:cf:20:ec:25:2e:2a:88:db:2f:
fd:eb:96:76:2c:b6:fc:89:a9:8b:8e:57:c9:b7:c0:
5a:6d:1b:76:7e:2a:bd:c2:31:b2:1f:2e:17:40:5f:
2b:fc:d0:67:e5:ba:6d:9b:82:b8:4b:e1:0e:94:54:
6b:20:42:36:5c:94:93:3a:12:cc:00:87:11:ff:9c:
66:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:79:41:AA:2A:5A:D7:EE:08:68:A8:6D:6F:75:14:C8:88:D4:DA:2F
X509v3 Authority Key Identifier:
keyid:5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/LnlBqipa1-4IaKhtb3UUyIjU2i8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.214.149.0/24
31.214.240.0/21
46.251.225.0/24
46.251.227.0/24
95.156.225.0-95.156.232.255
109.230.195.0/24
109.230.224.0/20
109.230.252.0/22
134.255.216.0-134.255.239.255
134.255.252.0/22
185.87.20.0/22
193.25.201.0/24
IPv6:
2a05:bec0::/29
Signature Algorithm: sha256WithRSAEncryption
b5:2b:b1:9c:bd:a0:14:8e:79:cd:81:c9:9d:9e:41:01:6a:e3:
70:8b:cd:fb:f9:80:30:89:c5:55:ee:98:82:88:8c:f6:a4:93:
2a:6d:74:1d:14:38:5d:72:52:6e:30:9b:b5:c4:ff:cc:87:9c:
fc:d6:43:ec:27:ed:6c:ac:3d:6b:8c:6b:a3:72:cd:f9:88:11:
e0:09:25:cc:62:e6:e1:c5:3a:48:20:53:63:94:32:8d:bb:4c:
c4:1a:08:b1:2b:b8:39:7c:f1:38:75:51:e7:fd:ea:07:ab:73:
cb:21:49:84:29:7c:82:ce:88:c0:00:bc:6f:d5:75:c0:90:ad:
76:26:3b:d9:7c:38:28:6c:43:99:ba:e1:a9:12:c0:ac:91:5e:
c2:a5:99:59:28:2b:54:29:7b:1e:be:ba:29:ff:54:d9:d4:dd:
00:93:b4:b5:72:4f:16:de:01:e1:cd:6b:ef:3e:8d:b8:d5:cb:
12:ff:ec:a6:86:b5:bb:ed:68:4f:5e:89:8e:36:5e:fe:5b:75:
5d:3c:ce:25:67:14:ad:d4:3c:63:d2:74:66:92:7e:48:a2:e8:
0c:f2:64:29:24:4d:51:b5:c3:2a:d0:23:ce:f9:b6:40:19:b8:
29:50:fc:89:2a:62:88:95:36:b0:3e:04:00:2a:74:34:50:99:
2f:7f:07:5f
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgIEBjLUOjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
YTM3NmM4MDA4ZDZhYmQ5NjIzNDE1NjNkZDJhNGRjY2FmMTUzY2JhMB4XDTIyMDMx
MDE0MTAzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmU3OTQxYWEyYTVh
ZDdlZTA4NjhhODZkNmY3NTE0Yzg4OGQ0ZGEyZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMAFfSecGhmZxkLc42SBJIf64Wy1c6PVEBlcjH3ozQsBlEp7
7OvWxD1XFgG4DbGkPyZeuNEkM7bJvQfFsoPkAySkjiExorJa13CKaspuWiScg9VX
GH/qSFXv196FuvOnJj/TiuYKZ3EoO6AKlksxUnMLPsdeYWc8//Dxc6ecdM8xPrF7
CwUmOXh85O0YCetOdSybtW7FcUrVksuVAPcPzlhsNjl5ajHmmqeoY893De77Wyaz
ddjlvU4PzyDsJS4qiNsv/euWdiy2/Impi45XybfAWm0bdn4qvcIxsh8uF0BfK/zQ
Z+W6bZuCuEvhDpRUayBCNlyUkzoSzACHEf+cZp8CAwEAAaOCAmswggJnMB0GA1Ud
DgQWBBQueUGqKlrX7ghoqG1vdRTIiNTaLzAfBgNVHSMEGDAWgBRaN2yACNar2WI0
FWPdKk3MrxU8ujAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1dqZHNnQWpXcTlsaU5CVmozU3BOeks4VlBMby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDIvY2FhNzQzLTFjMTMtNGEyNS05ZjZhLTY1YmU1NTAzMTY1ZC8x
L0xubEJxaXBhMS00SWFLaHRiM1VVeUlqVTJpOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDIv
Y2FhNzQzLTFjMTMtNGEyNS05ZjZhLTY1YmU1NTAzMTY1ZC8xL1dqZHNnQWpXcTls
aU5CVmozU3BOeks4VlBMby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
gAYIKwYBBQUHAQcBAf8EcTBvMF4EAgABMFgDBAAf1pUDBAMf1vADBAAu++EDBAAu
++MwDAMEAF+c4QMEAF+c6AMEAG3mwwMEBG3m4AMEAm3m/DAMAwQDhv/YAwQEhv/g
AwQChv/8AwQCuVcUAwQAwRnJMA0EAgACMAcDBQMqBb7AMA0GCSqGSIb3DQEBCwUA
A4IBAQC1K7GcvaAUjnnNgcmdnkEBauNwi837+YAwicVV7piCiIz2pJMqbXQdFDhd
clJuMJu1xP/Mh5z81kPsJ+1srD1rjGujcs35iBHgCSXMYubhxTpIIFNjlDKNu0zE
GgixK7g5fPE4dVHn/eoHq3PLIUmEKXyCzojAALxv1XXAkK12JjvZfDgobEOZuuGp
EsCskV7CpZlZKCtUKXsevrop/1TZ1N0Ak7S1ck8W3gHhzWvvPo241csS/+ymhrW7
7WhPXomONl7+W3VdPM4lZxSt1Dxj0nRmkn5IougM8mQpJE1RtcMq0CPO+bZAGbgp
UPyJKmKIlTawPgQAKnQ0UJkvfwdf
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:07 2024 by rpki-client on console-fra.rpki-client.org